BURGESS et al. 
Appl. No. 09/760,721 
November 3, 2004 

AMENDMENTS TO THE CLAIMS:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A multi-port network communication device including: 
a plurality of ports for the reception and transmission of addressed data packets which
include media access control address data;

a forwarding mechanism for directing packets received at any of said plurality of ports to 
at least one of the plurality of ports; 

a memory for the selectively controllable storage of permitted individual media access
control addresses; and 

means for restricting forwarding of packets from the device in response to an 
examination of media access control data in said packets and said permitted media access control 
addresses; 

wherein said means for restricting prevents the forwarding of a unicast packet having a 
source address and a destination address when neither of those addresses in the unicast packet 
corresponds to a permitted media access control address, said device including means for 
comparing both the source address and the destination address of said unicast packet with said 
permitted individual media access control addresses. 

2. (Original) A device according to claim 1 wherein said means for restricting 
prevents the forwarding of multicast and/or broadcast packets to ports which are not connected to 
devices having permitted media access control addresses,

said device being operative to provide a list of ports which are connected to devices
having permitted media access control addresses and said forwarding mechanism including a 
port mask generator for producing a port mask that identifies a port which is both a port to which 
a packet may be forwarded according to media access control data in the packet and a port in 
said list. 

3. (Currently Amended) A multi-port network switch including: 

a plurality of ports for the reception and transmission of addressed data packets which 
include media access control source and destination address data; 

a forwarding database relating media access control addresses to said ports; 

a forwarding mechanism for directing, in response to media access control destination 
address data in a received packet and in cooperation with said forwarding database, said received 
packet to at least one of the plurality of ports; 

a memory for the selectively controllable storage of permitted individual media access 
control addresses; and 

means for restricting forwarding of packets from the device in response to an
examination of media access control data in said packets and said permitted individual media 
access control addresses; 

wherein said means for restricting prevents the forwarding of said received packet when 
said packet is a received unicast packet having a source address and a destination address when 
neither of those addresses in the received unicast packet corresponds to a permitted media access 
control address, said switch including means for comparing both the source address and
the destination address of said received unicast packet with said permitted individual media
access control addresses. 

4. (Original) A switch according to claim 3 wherein said means for restricting 
prevents the forwarding of multicast and/or broadcast packets to ports which are not connected to 
devices having permitted media access control addresses, 

said switch including: 

a cache containing a list of ports which are connected to devices having permitted media 
access control addresses; and 

a port mask generator for producing a port mask that identifies a port which is both a port 
to which a packet may be forwarded according to media access control data in the packet and a 
port in said list. 

5. (New) A multi-port network switch including: 

a plurality of ports for the reception and transmission of addressed data packets which 
include media access control source and destination address data; 

a forwarding database relating media access control addresses to said ports; 

a forwarding mechanism for directing, in response to media access control destination 
address data in a received packet and in cooperation with said forwarding database, said received 
packet to at least one of the plurality of ports; 

a memory for the selectively controllable storage of permitted individual media access 
control addresses; and

means for restricting forwarding of packets from the device in response to an
examination of media access control data in said packets and said permitted individual media 
access control addresses; 

wherein said means for restricting 

(a) prevents the forwarding of said received packet when said packet is a received 
unicast packet having a source address and a destination address when neither of those addresses 
in the received unicast packet corresponds to a permitted individual media access control 
address, said switch including means for comparing both the source address and the destination 
address of said received unicast packet with said permitted individual media access control 
addresses; and 

(b) prevents the forwarding of a multicast and/or a broadcast packet to ports which are 
not connected to devices having permitted individual media access control addresses stored in 
said memory. 

6. (New) A method for providing multi-port network communication using a 
plurality of ports for the reception and transmission of addressed data packets which include 
media access control address data, said method comprising: 

directing packets received at any of said plurality of ports to at least one of the plurality 
of ports; 

selectively controlling storage of permitted individual media access control addresses; 
restricting forwarding of packets in response to an examination of media access control 
data in said packets and said permitted media access control addresses; and

preventing forwarding of a unicast packet having a source address and a destination
address when neither of those addresses in the unicast packet corresponds to a permitted media 
access control address based on comparison of both the source address and the destination 
address of said unicast packet with said permitted individual media access control addresses. 

7. (New) A method as in claim 6 wherein said restricting step prevents the 
forwarding of multicast and/or broadcast packets to ports which are not connected to devices 
having permitted media access control addresses, and further comprising: 

providing a list of ports which are connected to devices having permitted media access 
control addresses and producing a port mask that identifies a port which is both a port to which a 
packet may be forwarded according to media access control data in the packet and a port in said 
list. 

8. (New) A method for switching a multi-port network including a plurality of ports 
for the reception and transmission of addressed data packets which include media access control 
source and destination address data, said method comprising: 

maintaining a forwarding database relating media access control addresses to said ports; 

directing, in response to media access control destination address data in a received 
packet and in cooperation with said forwarding database, said received packet to at least one of 
the plurality of ports; 

selectively controlling storage of permitted individual media access control addresses; 
restricting the forwarding of packets in response to an examination of media access 
control data in said packets and said permitted individual media access control addresses;

preventing the forwarding of said received packet when said packet is a received unicast
packet having a source address and a destination address when neither of those addresses in the 
received unicast packet corresponds to a permitted media access control address based on 
comparing both the source address and the destination address of said received unicast packet 
with said permitted individual media access control addresses. 

9. (New) A method as in claim 8 wherein said restricting prevents the forwarding of 
multicast and/or broadcast packets to ports which are not connected to devices having permitted 
media access control addresses, and further comprising: 

maintaining a cache containing a list of ports which are connected to devices having 
permitted media access control addresses; and 

producing a port mask that identifies a port which is both a port to which a packet may be 
forwarded according to media access control data in the packet and a port in said list. 

10. (New) A method for switching a multi-port network including a plurality of ports 
for the reception and transmission of addressed data packets which include media access control 
source and destination address data, said method comprising: 

maintaining a forwarding database relating media access control addresses to said ports; 

directing, in response to media access control destination address data in a received 
packet and in cooperation with said forwarding database, said received packet to at least one of 
the plurality of ports; 

selectively controlling storage of permitted individual media access control addresses;

restricting forwarding of packets from the device in response to an examination of media
access control data in said packets and said permitted individual media access control addresses 
wherein: 

(a) the forwarding of said received packet is prevented when said packet is a received 
unicast packet having a source address and a destination address when neither of those addresses 
in the received unicast packet corresponds to a permitted individual media access control address 
based on comparing both the source address and the destination address of said received unicast 
packet with said permitted individual media access control addresses; and 

(b) preventing the forwarding of a multicast and/or a broadcast packet to ports which are 
not connected to devices having stored permitted individual media access control addresses. 
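
The forwarding decision recited in claims 5 and 10 (with the port mask of claims 2, 4, 7 and 9), sketched in C as an added illustration that is not part of the application. The table contents, NPORTS, and all function names are constructed; flooding an unknown unicast destination and excluding the ingress port are assumptions of this sketch.

```c
#include <stdint.h>
#include <string.h>

#define NPORTS 8
typedef struct { uint8_t mac[6]; int port; } entry_t;   /* MAC -> port */

/* Constructed sample tables (assumptions, not from the application). */
static const entry_t fdb[] = {            /* forwarding database */
    {{0x02,0,0,0,0,0x01}, 0}, {{0x02,0,0,0,0,0x02}, 1},
    {{0x02,0,0,0,0,0x03}, 2}, {{0x02,0,0,0,0,0x04}, 3},
};
static const uint8_t permitted[][6] = {   /* permitted individual MACs */
    {0x02,0,0,0,0,0x01}, {0x02,0,0,0,0,0x02},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static int fdb_port(const uint8_t *mac) {
    for (size_t i = 0; i < COUNT(fdb); i++)
        if (!memcmp(fdb[i].mac, mac, 6)) return fdb[i].port;
    return -1;
}
static int is_permitted(const uint8_t *mac) {
    for (size_t i = 0; i < COUNT(permitted); i++)
        if (!memcmp(permitted[i], mac, 6)) return 1;
    return 0;
}
/* The list of ports connected to devices having permitted addresses. */
static uint32_t permitted_ports(void) {
    uint32_t m = 0;
    for (size_t i = 0; i < COUNT(permitted); i++) {
        int p = fdb_port(permitted[i]);
        if (p >= 0) m |= 1u << p;
    }
    return m;
}
/* Returns the egress port mask; 0 means the packet is not forwarded. */
uint32_t egress_mask(const uint8_t *dst, const uint8_t *src, int in_port) {
    uint32_t all = ((1u << NPORTS) - 1) & ~(1u << in_port);
    if (dst[0] & 1)                       /* group bit: multicast/broadcast */
        return all & permitted_ports();   /* candidate ports AND permitted list */
    if (!is_permitted(src) && !is_permitted(dst))
        return 0;                         /* neither address permitted: drop */
    int p = fdb_port(dst);
    return p < 0 ? all : ((1u << p) & all); /* unknown unicast floods (assumption) */
}
```

Note that a unicast packet passes when either address is permitted, so traffic between a permitted and a non-permitted station is still forwarded; only traffic between two non-permitted stations is dropped.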